Why general counsel shouldn’t ignore cybersecurity
As one can imagine, during the Covid-19 pandemic general counsel concerns are mainly focused on employment issues, contracts and supply chains. At the same time other key aspects, such us cybersecurity and data are not among their top priorities. Indeed, only 29% of the 110 in-house leaders at global companies who participated in Morrison & Foerster’s survey examining the business impacts of the coronavirus outbreak see data security as a major risk, while just 18% said privacy was among their top priorities.
«Security appears to be lower on the scale likely because the other risks are paramount at the moment. Unfortunately, the number of data security incidents is likely to rise in the near future which may impact many organizations», commented Morrison & Foerster Privacy & Data Security partner Miriam Wugmeister. In parallel, technologies that foster remote working are having a moment. This is true as most people are working remotely communicating with lawyer via online tools to reach out colleagues and clients. In this context threats increase as never happened before.
That’s why – as LatinLawyer points out – GC must ensure that their employees and business data are protected. From phishing scams to ransom threats, the use of technologies has always represented threats for companies and their legal teams. Particularly, in this moment, that employees are working via personal laptops, smartphones, tablets, sensitive or even confidential company information can be at risk. In response in-house counsel should not underestimate the situation and, on the contrary, ensure compliance with cybersecurity measures.
Furthermore – as it comes out during LC Webinar “Lockdown and data” – once employees return to work, the data issue is not over: from one hand general counsel have to update their company policies on handling health information (if they choose to screen employees) and on the other must try to figure out the kind of data available on employees’ personal devices in order to diminish the risk of a hack or cyberattack.